ABSTRACT

We live in an era where security is the prime concern
everywhere. Several unauthorized groups are now active
in the domain of computer networking. Designing a
system that is secure against attack is always a
challenging task for network developers. This paper
shows Layer 2 and Layer 3 attacks in Packet Tracer and
provides their defense mechanisms.

Keywords: router, security, packet tracer, hubs,
networking, network administrator, hacking

I. INTRODUCTION 

The data link layer is the second layer of the OSI
reference model. It is responsible for encoding as well
as decoding, which is where hacking is easily possible.
This layer is also responsible for handling transmission
errors and regulating the flow of data. This paper
explains different defense mechanisms for restricting
hacking. Several cases are covered, including DHCP
spoofing and many more. These defense mechanisms
control network access from unauthorized groups.

II. ROOT ATTACK 

As we may have more than one root for any destination,
we consider the STP protocol. STP stands for Spanning
Tree Protocol, which is IEEE 802.1D. Spanning Tree
Protocol builds a loop-free logical topology for
Ethernet networks. The algorithm is specially designed
to avoid bridge loops. If the best path fails, the
algorithm recalculates the network and finds the next
best route. This path has a root switch or root node,
which is chosen either by election among the switches
on the basis of priority or by assignment by the
network administrator.



III. DTP Attack 

DTP stands for Dynamic Trunking Protocol, which is
used to negotiate a trunk between two Cisco devices.
It is a Cisco proprietary trunking protocol used for
negotiating the encapsulation type, either IEEE
802.1Q or Cisco ISL (Inter-Switch Link).

Here we design the system for VLAN 1 (virtual local
area network), but suppose the network which is to be
hacked is not in VLAN 2. Then we analyze the root ID
as well as the bridge ID of the VLAN group.

Configuration to Block the Path 

Switch>enable 
Switch#show vtp status 
Switch#conf t 
Switch(config)#vtp domain srcem

Changing VTP 2 domain name from NULL to srcem 

Switch(config)#no vlan 10 


unused ports. By using the above two methods we can
easily get past the problem, which is called the DHCP
starvation and spoofing attack. A time limit is also
configured on the DHCP server for assigning IP
addresses.


IV. DHCP SPOOFING 

DHCP stands for Dynamic Host Configuration Protocol,
which is used to dynamically assign an IP (Internet
Protocol) address to any device. In DHCP spoofing, a
fake DHCP server is configured to assign DHCP
addresses to the clients.

V. DHCP Starvation 

In DHCP starvation, an attacker consumes all the
available IP addresses by changing its MAC (Media
Access Control) address. Every available IP address
ends up issued, so the server cannot issue any new
address to a device that needs to access the network.

VI. Defense Mechanism 

The attacks created in Packet Tracer that affect
layers 2 and 3 are overcome by using the following
defense mechanisms.

7.1 Root Attack 

This defense mechanism applies to layer 2 and layer 3
in Packet Tracer: we can enable root guard. In
addition to this we can also the VLAN group.

7.2 DTP Attack 

To prevent a DTP attack, the port security feature is
used. If a device with another MAC address uses the
port, the switch port is automatically turned off. We
can also prevent the DTP attack by configuring access
mode and disabling the Dynamic Trunking Protocol.

7.3 Routing Protocol Attack 

If the inner port of the router is configured as a
passive port, then no updates will be exchanged with
the attacker.


VIII. results 
7.4 DHCP Starvation and Spoofing attack

Nowadays we have an additional feature of port 
security. In addition to this we can also shut down the 
Conclusions

From this paper we can conclude that both the data
link layer and the network layer are vulnerable to
attacks, including spoofing, DHCP starvation and DTP
attacks. Port security can be considered one of the
trustworthy methods of defense. Root attacks can be
overcome by enabling root guard and BPDU guard.
Additionally, the concept of AD (Administrative
Distance) can be considered for selecting the optimum
path.

In this thesis, attacks are shown and demonstrated 
using a simulator called “PACKET TRACER”. 
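
The defenses listed above (access mode with DTP disabled, port security, root guard or BPDU guard, and shutting down unused ports) can be checked against a switch configuration. The following is an added example, not code from the paper: the sample running-config is constructed, and the pass/fail policy (trunk ports exempt from the access-mode and port-security checks) is an assumption.

```python
# Constructed sample running-config for illustration (not from the paper).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security violation shutdown
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for active ports missing a defense."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:  # unused port, administratively down
            continue
        trunk = "switchport mode trunk" in cmds  # assumed policy: trunks exempt
        guard = ("spanning-tree guard root" in cmds
                 or "spanning-tree bpduguard enable" in cmds)
        checks = [
            (trunk or "switchport mode access" in cmds, "not in access mode"),
            ("switchport nonegotiate" in cmds, "DTP not disabled"),
            (trunk or "switchport port-security" in cmds, "no port security"),
            (guard, "no root guard or BPDU guard"),
        ]
        report[name] = [msg for ok, msg in checks if not ok]
    return {name: found for name, found in report.items() if found}
```

Calling `audit(SAMPLE_CONFIG)` reports only FastEthernet0/2, the port left in dynamic desirable mode with none of the defenses applied.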